Skip to content

Commit

Permalink
Revert "share the use of static functions in Mfa authproc"
Browse files Browse the repository at this point in the history
This reverts commit 9d6bd38.
  • Loading branch information
briskt committed Jun 11, 2024
1 parent 2c9a87d commit 4cb55ef
Show file tree
Hide file tree
Showing 2 changed files with 65 additions and 9 deletions.
8 changes: 4 additions & 4 deletions modules/mfa/lib/Auth/Process/Mfa.php
Original file line number Diff line number Diff line change
Expand Up @@ -320,7 +320,7 @@ public static function getTemplateFor(string $mfaType): string
* @param array $state
* @return string
*/
public static function getRelayStateUrl(array $state): string
protected static function getRelayStateUrl($state)
{
if (array_key_exists('saml:RelayState', $state)) {
$samlRelayState = $state['saml:RelayState'];
Expand Down Expand Up @@ -407,12 +407,12 @@ protected function initComposerAutoloader(): void
}
}

public static function isHeadedToUrl(array $state, string $url): bool
protected static function isHeadedToMfaSetupUrl($state, $mfaSetupUrl)
{
if (array_key_exists('saml:RelayState', $state)) {
$currentDestination = self::getRelayStateUrl($state);
if (! empty($currentDestination)) {
return (strpos($currentDestination, $url) === 0);
return (strpos($currentDestination, $mfaSetupUrl) === 0);
}
}
return false;
Expand Down Expand Up @@ -579,7 +579,7 @@ public function process(&$state): void
// Get the necessary info from the state data.
$employeeId = $this->getAttribute($this->employeeIdAttr, $state);
$mfa = $this->getAttributeAllValues('mfa', $state);
$isHeadedToMfaSetupUrl = self::isHeadedToUrl(
$isHeadedToMfaSetupUrl = self::isHeadedToMfaSetupUrl(
$state,
$this->mfaSetupUrl
);
Expand Down
66 changes: 61 additions & 5 deletions modules/profilereview/lib/Auth/Process/ProfileReview.php
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@
use SimpleSAML\Auth\ProcessingFilter;
use SimpleSAML\Auth\State;
use SimpleSAML\Module;
use SimpleSAML\Module\mfa\Auth\Process\Mfa;
use SimpleSAML\Module\profilereview\LoggerFactory;
use SimpleSAML\Session;
use SimpleSAML\Utils\HTTP;
Expand Down Expand Up @@ -68,15 +67,37 @@ protected function loadValuesFromConfig(array $config, array $attributes): void
{
foreach ($attributes as $attribute) {
$this->$attribute = $config[$attribute] ?? null;

Mfa::validateConfigValue(
self::validateConfigValue(
$attribute,
$this->$attribute,
$this->logger
);
}
}

/**
* Validate the given config value
*
* @param string $attribute The name of the attribute.
* @param mixed $value The value to check.
* @param LoggerInterface $logger The logger.
* @throws \Exception
*/
public static function validateConfigValue($attribute, $value, $logger)
{
if (empty($value) || !is_string($value)) {
$exception = new \Exception(sprintf(
'The value we have for %s (%s) is empty or is not a string',
$attribute,
var_export($value, true)
), 1507146042);

$logger->critical($exception->getMessage());
throw $exception;
}
}

/**
* Get the specified attribute from the given state data.
*
Expand Down Expand Up @@ -118,13 +139,48 @@ protected function getAttributeAllValues($attributeName, $state)
return is_null($attributeData) ? null : (array)$attributeData;
}

/**
* Return the saml:RelayState if it begins with "http" or "https". Otherwise
* return an empty string.
*
* @param array $state
* @returns string
* @return mixed|string
*/
protected static function getRelayStateUrl($state)
{
if (array_key_exists('saml:RelayState', $state)) {
$samlRelayState = $state['saml:RelayState'];

if (strpos($samlRelayState, "http://") === 0) {
return $samlRelayState;
}

if (strpos($samlRelayState, "https://") === 0) {
return $samlRelayState;
}
}
return '';
}

protected function initComposerAutoloader()
{
$path = __DIR__ . '/../../../vendor/autoload.php';
if (file_exists($path)) {
require_once $path;
}
}

protected static function isHeadedToProfileUrl($state, $ProfileUrl)
{
if (array_key_exists('saml:RelayState', $state)) {
$currentDestination = self::getRelayStateUrl($state);
if (! empty($currentDestination)) {
return (strpos($currentDestination, $ProfileUrl) === 0);
}
}
return false;
}

/**
* Redirect the user to set up profile.
Expand All @@ -135,7 +191,7 @@ public static function redirectToProfile(&$state)
{
$profileUrl = $state['ProfileUrl'];
// Tell the profile-setup URL where the user is ultimately trying to go (if known).
$currentDestination = Mfa::getRelayStateUrl($state);
$currentDestination = self::getRelayStateUrl($state);
if (! empty($currentDestination)) {
$profileUrl = HTTP::addURLParameters(
$profileUrl,
Expand Down Expand Up @@ -165,7 +221,7 @@ public function process(&$state)
{
// Get the necessary info from the state data.
$employeeId = $this->getAttribute($this->employeeIdAttr, $state);
$isHeadedToProfileUrl = Mfa::isHeadedToUrl($state, $this->profileUrl);
$isHeadedToProfileUrl = self::isHeadedToProfileUrl($state, $this->profileUrl);

$mfa = $this->getAttributeAllValues('mfa', $state);
$method = $this->getAttributeAllValues('method', $state);
Expand Down

0 comments on commit 4cb55ef

Please sign in to comment.